CVE-2022-2381

CVE-2022-2381: E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF

Vendor Unknown
Product E Unlocked – Student Result
Weakness CWE-352 · CSRF
Published August 15, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack

Key dates

02Disclosure timeline

August 15, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE